Abstract

Code-reuse attacks such as return-oriented programming constitute a powerful zero-day exploitation technique that is frequently leveraged to compromise software on a wide range of architectures. These attacks generate malicious computation based on existing code (so-called gadgets) residing in linked libraries. The good news is that both academia and industry have proposed defense techniques to mitigate code-reuse attacks. On the other hand, a continuous arms race has evolved between attacks and defenses. In this talk, we will elaborate on the evolution of code-reuse attacks. In particular, we explore two prominent defense techniques: control-flow integrity (CFI) and code randomization. We demonstrate that existing defenses, including Microsoft’s Enhanced Mitigation Experience Toolkit (EMET), can be bypassed with advanced code-reuse attack techniques. Further, we discuss promising research directions such as hardware-assisted defenses, attestation of a program’s control flows, and protection against these attacks at the kernel layer.